Monday, October 29, 2012

OvertheWire - Natas Wargame Level 5 Writeup

Level 5

As before, we can use the credentials obtained from the previous post to log in to Level 5. Upon doing so, we are presented with the following screen:



We can see that there appears to be something that is not allowing us to login. My first thought (again, proved to be correct [woo-hoo]) was that a cookie was the cause. Let's take a look at what cookies are being used by the site. I use a Chrome extension called Edit This Cookie (thanks for the catch, Murilo!) to do this:


We can immediately see a cookie called 'loggedin', which is currently 0 (for False). Let's just change this to a '1' and see what happens:


Now, let's just reload the page:


Awesome. Just as we hoped, the challenge believes we are logged in, and returns the password for natas6 to us, which we can use to log in to the next challenge. More writeups to come.

-Jordan

2 comments:

  1. Jordan, thanks for your posts, I'm learning a lot! Just to add:

    The correct name of the cookie editor is "Edit This Cookie"


    Here:

    https://chrome.google.com/webstore/detail/edit-this-cookie/fngmhnnpilhplaeedifhccceomclgfbg

    ReplyDelete
  2. Great catch! I was just going on a whim that it was called Cookie Manager (in all honesty, I was too lazy to look it back up) :) I have fixed the name and given credit for the keen observation where it's due.

    Glad you're enjoying the posts! Don't hesitate to let me know if you have any questions!

    ReplyDelete